You have been eagerly waiting, and we have been working hard over the summer to deliver the latest Exchange Server 2010 enhancements as soon as possible.

I am extremely happy to announce the availability of Exchange Server 2010 Service Pack 1, ready for download here.

 what's new  release notes

External Source: http://msexchangeteam.com/archive/2010/08/23/455899.aspx

Since the earliest versions of Exchange Server, the Information Store Integrity Checker (ISInteg) has offered Exchange administrators a way to check mailbox and public folder database integrity. ISInteg checks and fixes Exchange database errors that may prevent the database from mounting, prevent the user from logging on or from receiving, opening or deleting email. Curious to know what changes are coming to ISInteg in Exchange 2010 SP1? Let's take a look.

In Exchange 2010 SP1, ISInteg is no longer a standalone program.

The functionality provided by the ISInteg tool has been rolled into two new Exchange Management Shell cmdlets:

• New-MailboxRepairRequest
• New-PublicFolderDatabaseRepairRequest

Note: Like other Shell cmdlets, these are subject to Role-Based Access Control (RBAC) scoping restrictions. For details, see Understanding Management Role Scopes.

Cool Features

These new ISInteg cmdlets come with some cool new functionality!

• The cmdlets work with the database mounted. It's no longer required to unmount the database to perform an integrity check or fix database errors.
• You can repair logical corruption at the mailbox level.
• You can fix corrupt search folders.
• You can fix the Provisional Fid.
• You can fix Aggregate Counts.

ISInteg can now work at the database or mailbox level

How does it do that? Well, the new schema in Exchange 2010 effectively partitions the database by mailbox. So the top problems fixed by ISInteg are now mostly limited to the affected mailboxes only. Previous versions of ISInteg required the database to be offline while validation and fixing are in progress. In Exchange 2010 SP1, the ability to do these checks at the mailbox level removes the need to dismount the database. It is actually required to have ISInteg operate against an online database!

New-MailboxRepairRequest

The New-MailboxRepairRequest cmdlet detects and fixes the following types of mailbox corruptions:

• Search folder corruptions (SearchFolder): Repair tasks now look for all folders named in ptagSearchBacklinks, ptagSearchFIDs, and ptagRecursiveSearchFIDs and verifies that each folder exists. If the folder no longer exists, then it will remove that folder from the list.
• Aggregate counts on folders that aren't reflecting correct values (AggregateCounts): Repair tasks tally all messages in a folder and keep a running total of various counts and sizes. Once the iteration is complete, it will verify the computed counts against the persisted counts on the Folders table record for the folder. If there is a discrepancy, it will update the persisted counts to reflect the computed counts.
• Views on folders that aren't returning correct contents (FolderView): Repair tasks will iterate over all views for a folder and for each one, bring the view fully up to date and then reconstruct a temp copy. If there is a discrepancy between the existing view and the contents of the temp table, it will delete the view so it can be rebuilt from scratch the next time it is requested.
• Provisioned folders that are incorrectly pointing into unprovisioned parent folders (ProvisionedFolder): Repair tasks can fix Provisioned folders incorrectly pointing into unprovisioned parents or vice versa.

Syntax

New-MailboxRepairRequest -Mailbox <MailboxIdParameter> -CorruptionType <MailboxStoreCorruptionType[]> [-Archive <SwitchParameter>] [-Confirm [<SwitchParameter>]] [-DetectOnly <SwitchParameter>] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]

New-MailboxRepairRequest -Database <DatabaseIdParameter> -CorruptionType <MailboxStoreCorruptionType[]> [-Confirm [<SwitchParameter>]] [-DetectOnly <SwitchParameter>] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]

Parameters

· Database, Mailbox and Archive: You can repair an entire mailbox database or a specified mailbox by specifying either the Database or the Mailbox parameter. You can't use both. To repair the archive mailbox for the specified user, use the Archive switch.

· CorruptionType: (at least 1 required) you are already familiar with, we discussed them above:

• SearchFolder
• AggregateCounts
• ProvisionedFolder
• FolderView

You can run a repair task with multiple parameters if you separate them with a comma (as shown in the Examples section below).

· DetectOnly: (Optional) The DetectOnly switch secifies that you want this command to report errors, but not fix them. You don't have to specify a value with this switch.

· Other Optional Parameters: This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer and OutVariable. For more information, type "get-help about_commonparameters".

New-PublicFolderDatabaseRepairRequest

The New-PublicFolderDatabaseRepairRequest cmdlet detects and fixes Public Folder replication state problems.

Syntax

New-PublicFolderDatabaseRepairRequest -Database <DatabaseIdParameter> -CorruptionType <PublicFolderDatabaseCorruptionType[]> [-Confirm [<SwitchParameter>]] [-DetectOnly <SwitchParameter>] [-DomainController <Fqdn>] [-WhatIf [<SwitchParameter>]]

Parameters

• Database: (required) Specifies the Public Folder database on which you will run this command. You can use one of the following values:
  • GUID of the database

o Database name

· CorruptionType: (required) Pretty easy, there's only one value.

o ReplState

· DetectOnly: (optional) Specifies that you want this command to report errors, but not fix them. You don't have to specify a value with this parameter.

· Other Optional Parameters: This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer and OutVariable. For more information, type "get-help about_commonparameters".

Examples

New-MailboxRepairRequest -Mailbox administrator@contoso.com -CorruptionType SearchFolder, AggregateCounts, ProvisionedFolder, FolderView

New-MailboxRepairRequest -Mailbox administrator -CorruptionType SearchFolder, AggregateCounts, ProvisionedFolder, FolderView -WhatIf

New-PublicFolderDatabaseRepairRequest -Database PFD01 -CorruptionType ReplState -DetectOnly

Some additional examples are provided in the cmdlet help. You can retrieve them using the following commands, or refer to New-MailboxRepairRequest and New-PublicFolderDatabaseRepairRequest cmdlet reference:

Get-help New-MailboxRepairRequest -examples
Get-help New-PublicFolderDatabaseRepairRequest -examples

I recommend that you get to know the cmdlets by using the cmdlet reference docs, or by using the following commands to retrieve detailed help from the shell:

Get-help New-MailboxRepairRequest -detailed (or -full)
Get-help New-PublicFolderDatabaseRepairRequest -detailed (or -full)

Event Reporting

After submitting the Mailbox or Public Folder repair request, you can monitor its progress with the Event Viewer. That's right, no more text logs to weed through. The events are logged under the MSExchangeIS Mailbox Store source.

The following event IDs will be logged for repair requests:

• 10047 A mailbox-level repair request started
• 10064 A Public Folder repair request started
• 10048 The repair request successfully completed.
• 10050 The mailbox repair request task skipped a mailbox .
• 10059 A database-level repair request started.
• 10062 Corruption was detected.

Figure 1: Mailbox or Public Folder database repair request events are logged in the Application event log

Note: the repair events will only show up on the mailbox server where the mailbox or Public Folder is located.

This is very important to remember. Just because you fired off a repair task on a mailbox server does not mean the events will show up on that server. The repair task will be run on the database where the mailbox itself is, and the events will be in the event log on that mailbox server and that server alone.

Things to remember:

• Only 1 active repair task is permitted to be running per server if the active task is a database level repair.
• Only 100 mailbox level active repair tasks are permitted to be running at once per server.
• There is no -Server parameter to do all databases or mailboxes on a server.
• The repair task dies on database dismount or store stop/crash.
• The only way to stop a repair is to stop the store or dismount the database.
• Mailbox access will be disrupted for the mailbox that is being repaired.
• Repair for a mailbox will skip a mailbox if it has been quarantined.
• Repair will cause a move-mailbox operation to be delayed until the repair is completed.

external source: http://www.nojitter.com/blog/226800428

1. ROI is still king!
Despite modest economic improvement, IT budgets remain flat. Nearly 80% of companies still report flat or falling budgets for 2010, a slight improvement from 2009, but still evidence that for the foreseeable future IT purse strings will remain tightly clenched. As a result, IT leaders are rethinking their voice and UC deployment plans. Those technologies with demonstrable cost savings such as SIP trunking (96% are deploying, planning to deploy, or evaluating SIP trunking) continue to gain buyers’ eyes. Meanwhile, replacement of TDM endpoints with IP has slowed as IT managers struggle with the costs associated with infrastructure upgrades coupled with concerns around spending on desktop devices when workers are increasingly mobile or telecommuting.

UC adoptions continue to increase, with nearly 88% of companies having at least some UC plan. Though here again deployments are driven by business value. Delivering on-premise web conferencing as part of a Microsoft Office Communications Server installation is gaining traction; while adding click-to-call or desktop video to supplement voice is more difficult to justify. Video deployments continue to increase, but usually require some business case, such as replacing ISDN systems with IP, or using video to reduce travel.

2. Mobility, Mobility, Mobility!
One area where companies continue to increase spending is mobility, with nearly half of participants saying that they will increase mobility spending in 2011. Mobile spending is driven by a desire to improve the capabilities of mobile workers, leverage new mobile technologies such as two-way video and location awareness, and incorporate mobile devices into enterprise UC systems, in some cases eliminating the need for a dedicated desktop device. The rise of the iPhone continues to impact mobility spending, as more than half of participants that provide mobile devices support iPhone, despite concerns over manageability and security.

3. Social is Growing
Interest in, and adoption of, social computing as part of an enterprise collaboration and communications strategy is rapidly growing thanks to the success of public services such as Twitter and Facebook. Organizations are struggling with the need to allow innovation while meeting requirements for compliance and governance. And, they are struggling with disparate deployments of disjointed systems, often at the business unit level. Thanks to increasing integration between UC and social platforms (e.g. Cisco Quad, Microsoft SharePoint, Jive SBS, and IBM Lotus Connections) the trend is clearly toward tying social computing planning into UC architectures.

4. UC is entering the Contact Center
Just 14% of companies say they have no plans for UC in the contact center. UC in the contact center is one of the easiest areas in which to create a business case as providing front-line agents with access to subject matter experts can increase first-call resolution, a measurable metric for evaluating contact center success. Reducing call close times leads to more efficient use of call center resources, and thus lowers operating costs.

5. UC, Meet VDI Virtual desktops are on the road map for almost 74% of participants, meaning that UC planners must prepare for the eventuality of thin-client interfaces for most business applications. VDI creates problems for real-time applications that require local encoding and encapsulation of voice and video streams. Some solutions exist for voice, but we've yet to see a good method of supporting desktop video in a VDI environment. Here lies an opportunity for system vendors to deliver the capability for localized encapsulation of video in support of a virtualized desktop solution.

Microsoft has released a pre-configured VHD of v.Next Beta running on WS08R2.  You can download from the link below. 

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=1b23c540-9b9f-4d41-a05d-d4b216061957&utm_source=feedburner&utm_medium=twitter&utm_campaign=Feed:+MicrosoftDownloadCenter+(Microsoft+Download+Center)

Lab guides are posted on MSConnect.  There are eleven labs that correspond with this VHD. 

Bugs, DCR’s, general feedback can be submitted through the Microsoft Connect OpenBeta program using the feedback tool. 

If you are not a member of the v.Next OpenBeta, here is a quick link to join.  http://go.microsoft.com/fwlink/?LinkId=193914

Windows Live Essentials is a bundle of a number of the Windows Live add-on services, unified via a common installer. The Wave 4 suite includes updated versions of Messenger, Live Mail, Writer, Photo Gallery, Movie Maker, Live Sync (which is now Live Mesh plus the existing Live Sync), Family Safety and the Bing Toolbar. Microsoft delivered a first beta of the Wave 4 bundle in late June. Microsoft-provided download link,

There are a few new features in the updated beta build:  These include Facebook Chat Integration in Messenger; Bing Maps Geotag integration in Photo Gallery; and Flickr video publishing in Movie Maker.

If you download the latest beta of the suite, I’m curious to hear what you think of the new build.

Maybe many of you have already seen and love the great Posters from Technet:

• Windows Server 2008 R2: Hyper-V Component Architecture  http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5567b22a-8c47-4840-a88d-23146fd93151
• Windows Server 2008 Component Posters. http://www.microsoft.com/downloads/details.aspx?FamilyID=64a5cc28-f8a1-4b30-a4a2-455c65bda8d7&displaylang=en
• Windows Server 2008 Active Directory Component Posters: http://www.microsoft.com/downloads/details.aspx?FamilyID=c2b9e44e-0bbd-47cb-bc09-b3d48be7f867&displaylang=en
•  Remote Desktop Services Component Architecture Poster: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=9bc943b7-07c5-4335-9df9-20e77ed5032e
• Microsoft Exchange Server 2010 Transport Server Role Architecture Diagrams: http://www.microsoft.com/downloads/details.aspx?familyid=6EB8C09A-6EA4-442A-9FAA-DE33265CEB84&displaylang=en
• This poster highlights the architecture and feature set of Microsoft Exchange Server 2007. http://www.microsoft.com/downloads/details.aspx?FamilyID=FDCDF6E5-DE47-4B58-8086-282101BCDDE9&displaylang=en
• Microsoft Exchange Server 2007 Transport Server Role Architecture Diagrams: http://www.microsoft.com/downloads/details.aspx?familyid=612f811d-2953-4c08-945e-833c17150083&displaylang=en&tm
• Sharepoint 2010 Technical Diagrams: http://blogs.technet.com/b/schadinio/archive/2010/08/18/sharepoint-2010-technical-diagrams.aspx
• Exchange 2010 Technet Posters http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cea0cf7e-d824-49bb-8924-39d66a5fb88e
• Microsoft Lync Server 2010 Protocol Workloads Poster   http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ad8ff3fb-014e-4fd7-8003-436d896ab0c6&displaylang=en

Additional Posters:

• IT Manager: Platform Solution Blueprint – Virtualization
• IT Manager: Platform Solution Blueprint – Security
• IT Manager: Platform Solution Blueprint – Microsoft Web Platform
• IT Manager: Platform Solution Blueprint – Business Intelligence & Search

Many of these resources are visual representations of recommended solutions. They include poster-sized documents available in formats including Microsoft Office Visio 2007 or Microsoft Visio 2010 files (.vsd), PDF files, and XPS files.

Tips for printing posters

If you have a plotter, you can print these posters in their full size. If you don't have plotter, use the following steps to print on smaller paper.

Print posters on smaller paper

1. Open the poster in Visio.

2. On the File menu, click Page Setup.

3. On the Print Setup tab, in the Printer paper section, select the size of paper you want to print on.

4. On the Print Setup tab, in the Print zoom section, click Fit to, and then enter 1 sheet across by 1 sheet down.

5. On the Page Size tab, click Size to fit drawing contents, and then click OK.

6. On the File menu, click Print
   
   .

Kinect, which enables the player to control games with the body, voice and hand gestures, will go on sale in Europe, the Middle East and Africa (EMEA) from November 10, four days after its U.S. launch, the company said on Tuesday, a day ahead of Gamescom, Europe's largest video game trade show.

A spokeswoman said Microsoft would sell the European version of Kinect for 149.99 euros ($192.1), compared with a retail price of $149.99 in the United States.

External Source:http://www.zdnet.com/blog/microsoft/microsoft-delivers-on-premises-private-cloud-building-block/7096

When it comes to building private clouds, Microsoft is planning to offer customers two ways to go: One using its Windows Azure cloud operating system on forthcoming pre-configured Windows Azure Appliances; and one assembled of various on-premises components atop Windows Server.

View Full Album

On August 15, Microsoft made available the final version of one of the building blocks for its latter option. That product — System Center Virtual Machine Manager 2008 R2 Self Service Portal 2.0 — is the customer-focused version of what was formerly known as the Dynamic Datacenter Toolkit. It is available from the Microsoft Download Center.

The VMMSSP self-service portal is a collection of tools and guidance for building cloud services on top of the Windows Server (rather than the Windows Azure) platform. As Microsoft explains it, VMMSSP is a partner-extensible offering that can be used to “pool, allocate, and manage resources to offer infrastructure as a service and to deliver the foundation for a private cloud platform inside your datacenter.” The portal features a dynamic-provisioning engine, as well as a pre-built web-based user interface that “has sectionsfor both the datacenter managers and the business unit IT consumers, with role-based access control,” according to a new post on TechNet blogs.

To use the 2.0 version of VMMSSP, users need Windows Server 2008 R2 Enterprise Edition or Windows Server 2008 R2 Datacenter Edition; IIS 7.0, Virtual Machine Manager 2008 R2, SQL Server 2008 Enterprise Edition or Standard Edition; .Net Framework 3.5 SP1, Message Queueing (MSMQ); and PowerShell 2.0. VMMSSP is not considered to be an upgrade to the existing VMM 2008 R2 self-service portal, according to company officials; users can deploy one or both. The new version, unlike the current VMM 2008 R2 portal, makes virtual machine actions extensible, enabling more customization for particular hardware configurations, according to the aforementioned blog post.

In addition to the new self-service portal and its prerequisites, other pieces of Microsoft’s on-premises private-cloud solution include BizTalk Server 2010 and Windows Server AppFabric.

Estimating your Exchange Server 2010 Client Access server capacity needs is a critical setup task. The Client Access server is the entry point for all users. In addition, the Client Access server hosts important services used by the other Exchange server roles. This white paper presents an estimate of the relative CPU weights of the different protocols on the Client Access server that can be used to produce a more detailed estimate of hardware needs when you design a new Exchange 2010 deployment or expand an existing one. As part of the testing performed while researching this white paper, the effect of MailTips and the cost of NTML versus Basic authentication were also compared.

White Paper: Understanding the Relative Costs of Client Access Server Workloads In Exchange Server 2010
http://technet.microsoft.com/en-us/library/ff803560(EXCHG.141).aspx

The new SQL Server Migration Assistant for MySQL v1.0 tool, which can be downloaded here at no cost, purportedly facilitates moving files from the open source MySQL relational database management system (through version 4.1). The tool is designed to help with migrations to Microsoft SQL Server 2005, SQL Server 2008, SQL Server 2008 R2 or SQL Azure, Microsoft's database in the cloud.

The new tool converts or migrates MySQL control statements, cursors, DML statements, stored functions, stored procedures, tables, transactions, triggers and views, according to Microsoft's announcement.

Microsoft also updated its SQL Server Migration Assistant for Access tool by releasing version 4.2, which is also available for download at no cost. This tool helps users migrate from Microsoft Access (Access 97 and higher versions) to Microsoft SQL Server 2005, SQL Server 2008, SQL Server 2008 R2 or SQL Azure.

This last part -- migrating to Microsoft's cloud-based SQL Azure -- is a new feature in this Access migration tool. Microsoft is claiming that Access users can continue to use their existing applications built on Access while tapping into SQL Azure, which offers far greater capacity and scale-up potential.

"You can also link Access tables to SQL Server tables so that you can continue to use your existing Access front-end applications with SQL Server or SQL Azure," Microsoft explains in its overview release note for the tool.

A Microsoft blog explains that "Access 2010 can connect transparently to SQL Azure data, opening up opportunities for Access users and technology providers to create rich experiences (using the familiar Access application environment they already use) while leveraging the benefits of the cloud on a 'pay as you grow' elastic basis."

For those wanting to move off Oracle 7.3 edition (or higher versions), Microsoft rolled out a new release of its SQL Server Migration Assistant for Oracle. The new version 4.2 of this tool (free download here) helps with Migrations to SQL Server 2005, SQL Server 2008 or SQL Server 2008 R2. Apparently, there is no SQL Azure migration with this tool.

Finally, Microsoft released SQL Server Migration Assistant for Sybase v4.2, which can be downloaded here for free. This tool is designed to help with migrations from Sybase ASE (version 11.9 and higher) to SQL Server 2005, SQL Server 2008 or SQL Server 2008 R2. Once again, there seems to be no SQL Azure migration option at this time.

Microsoft is promising "better support for 64-bit" platforms with the new tools. In addition, users can migrate from Access 2010, Oracle 11g R2 and Sybase 15.5 (the latest editions of those products) to SQL Server 2008 R2, Microsoft's newest relational database management server product.

external source: http://www.cio.com/article/603070/The_Trouble_with_Going_Google_Four_Reasons_Why_I_Got_Out?source=CIONLE_nlt_leader_2010-08-12

Google Apps doesn't work for all companies. Here, two customers who left Microsoft for Google Apps, then switched back, discuss their pain points

Having been in the enterprise productivity apps game for only three years, Google (GOOG) has made impressive strides with Google Apps, its Web-based messaging and collaboration suite.

Since the 2007 introduction, Google has gone from zero to more than 2 million business customers with high-profile examples including Jaguar Land Rover, Motorola (MOT), Konica Minolta and fashion conglomerate Roberto Cavalli.

Google has also won Google Apps deals with government agencies such as City of Orlando and City of Los Angeles (where all is not rosy) and sold state-wide school district migrations in Maryland, Oregon, Iowa and Colorado.

Google Apps' big draw is still price. For $50 per user, per year companies get 25GB of e-mail storage through Gmail along with Google Calendar, Google Talk and Google Groups. Collaboration apps such as Google Docs, Google Sites and Google Video are also included. As part of the deal, Google promises 99.9 percent uptime reliability and 24/7 customer support with Google Apps.

But Google Apps doesn't work for everyone

Both Aisle 7, a small health and wellness marketing company, and Serena Software, a mid-size maker of change management software, left Microsoft for GAPE (Google Apps Premier Edition) then switched back, choosing Microsoft's more expensive cloud-based service, BPOS (Business Productivity Online Suite).

Among the pain points both companies cite: Hits to e-mail productivity and insufficient customer support.

1. E-mail Interface Quirks

Aisle 7, a small health and wellness marketing company that provides content for Web sites and in-house kiosks for stores such as Whole Foods and Wal-Mart (WMT), moved to Google Apps for its 32 users in early 2009 mostly because of the low price and 25GB of e-mail storage space.

Hamstrung by an Exchange server that was failing and costly to manage, Aisle 7 needed to save money, says IT manager Jake Harris. Aisle 7's did not want to have Google Apps replace Outlook and Office, but rather complement them.

"We quickly realized that the attitude of our users was: 'Take Outlook from my cold dead hands,'" says Harris. "Only 10 people were using Gmail for e-mail initially and within three months it was down to two people. Most did not like how threaded messaging and meeting requests work in Gmail."

A big selling point for Aisle 7 was Outlook Connector (officially called Google Apps Sync for Microsoft Outlook), a plug-in that synchronizes Outlook e-mail, calendar and contacts with Google Apps. "Google promised that it would have the same feature parity as when you have Exchange on-premise. But neither Outlook Connector nor Gmail worked well."

In Gmail, a frequent irritation for Harris was that there is no way to re-send a message (as opposed to forwarding), which can come in handy if you have a regular e-mail that you send out each month. This is something that you can do in Outlook.

In Outlook Connector, a problem for Aisle 7's users was with meeting requests.

One example: If Aisle 7 users included an attachment in the meeting request, the invitees would not see the attachment nor would they be able to accept the meeting request, and the organizer wouldn't know there was a problem.

Also, if users received a meeting request in Gmail using Google Apps that was sent using Outlook, they could see the date, time and invitees, but could not see notes written in the body of the invite by the organizer.

2. User Revolt

Redwood City, Calif.-based Serena Software moved to Google Apps in late 2008 for 1,100 users, intending to forsake Outlook and Office and fully use Gmail and Google Docs. That is until a small revolt from users and the legal team, which had issues with how confusing threading can be in Gmail.

"Once users lose confidence in a tool it's hard to get them back," says Ron Brister, Serena's Director of IT.

Users were happy to abandon the Gmail interface for Outlook Connector, but Outlook Connector never worked well, says Brister. "Outlook Connector actually broke a number of times," he adds.

Like Aisle 7's Harris, Brister takes umbrage with the way distribution lists are set up in Outlook Connector.

"With Exchange when you send a group e-mail it populates the "To" field with all members of that group," he says. "In Gmail and Outlook Connector all you see is the e-mail address in the 'To' field. You can't reply to one person or see who's on the list. It's just an http address. You have to reply to all or add people individually and reply that way."

Another source of aggravation for Brister was with Gmail's calendar invites. If you add an attachment to a meeting invite the attachment has to be a link to a Google Doc or it won't go through. The solution was to send follow up e-mails to the group with the attachment.

3. Downtime Hits

In the one year that Aisle 7 was using Google Apps Harris experienced four instances of downtime lasting several hours each, he says, adding that the entire service didn't go down, but some important facets did.

"Outlook would stop working but IMAP [the e-mail retrieval protocol] would keep working. Or Active Sync protocols would not work but Outlook would work."

Aisle 7 went live on Microsoft's BPOS service in early June. It was initially interested in the $60 per user per year version that gives full Exchange mailbox functionality with 25GB per user, but decided to invest in the $120 per user per year version, which comes with full Exchange, SharePoint, Office Communicator and Live Meeting.

Though more than twice the price of Google Apps Premier, Harris says BPOS will ultimately save the company money because Live Meeting will replace WebEx for Web meetings and video conferencing. WebEx has been costing Aisle 7 $600 per user per year.

Serena says it experienced slow response times with Google Apps. Eventually one of Bristler's IT staffers discovered Serena's data was backed up in a Google data center in Berlin, Germany. "Mountain View is just up the street from our headquarters in Redwood City, so why are we in Berlin?" says Bristler. "We issued tickets asking why we're not in a local data center but we had trouble getting any feedback."

4. Customer Support Letdowns

When asked about customer support for Goggle Apps, Aisle 7's Harris says: "They hardly offer any. Their policy is unless the service is down you can't call them."

Bristler says he was nearly driven crazy by what he calls Google's "arrogant and complacent" view of customer service.

While most companies will send you slides for new product roadmaps for referencing and ongoing conversations, Google showed Serena its product roadmap via a WebEx online meeting and never actually sent roadmap items or commitments via e-mail, says Bristler.

"I quickly discovered that nothing ever got achieved. Google just changed the quarter dates on these items, so it was always a sliding scale," he says. "I'd contact them and ask what's the status of such and such? And the Google sales manager would go off the record and say: 'I don't know, looks like it's been delayed.'"

Serena has a year left on its Google Apps contract, but is content to walk away because not much money will be lost, Bristler says. Though Microsoft is a relative newcomer to cloud services, Bristler says he feels comfortable with the BPOS service after a trip to Redmond to see the product roadmap and talk to Microsoft executives.

Serena currently has 500 users are still using Gmail and Outlook Connector and about the same amount have moved to BPOS. Bristler anticipates an increase in user productivity, more confidence in Outlook, good customer support, and because he tied the BPOS contract in with a new enterprise agreement, he foresees improved license management and compliance.

"At the very least, we are going back into familiar waters instead of being in deep water without a boat," he says.

External Source: http://msexchangeteam.com/archive/2010/08/10/455779.aspx

After reading this post, you should have better understanding of:

• How to plan your migration by understanding your current forest configuration and your desired configuration.
• Different ways for you to synchronize user data between different AD forests.
• Networking and Administrator permissions required to perform a successful cross-forest mailbox move.

The trends we are seeing currently show that companies are having more trouble understanding the different scenarios than performing the migration. There are several scenarios here, and Microsoft has tools, documentation, and scripts to assist in each one of them.

There are many reasons companies choose to have multiple forests or maybe find themselves with multiple forests, requiring cross-forest moves of users and mailboxes. For instance:

1. Companies that merge, are bought out, or have absorbed another company in some manner.
2. Companies who want to start fresh and leave a lot of legacy issues behind.
3. Companies that have subsidiaries; segment their environment by Department, Geography, or for Security considerations.

The common Active Directory topologies that are supported in Exchange 2010 are as follows:

• Single forest, single Active Directory site
• Single forest, multiple Active Directory sites
• Multiple forest, multiple Active Directory sites

Exchange deployment topologies vary due to organizational size and business complexity. Variations may include Single Forest, Resource Forest, Hybrid Forest, and Cross Forest topology. For purposes of discussion the following forest definitions will be used going forward:

Forest Name	Active Directory user object status	Mailbox Status
Exchange Forest	Enabled User Object	Mailbox Enabled
Account Forest	Enabled User Object	No mailbox enabled objects
Resource Forest	Disabled User Object (linked to a separate enabled user object in an Account Forest)	Mailbox Enabled
Hybrid Forest	Both 1.) AD Enabled Mailbox Enabled 2.) AD Disabled Mailbox Enabled	Both mailbox enabled and disabled objects

Most of the Cross-Org Move Mailbox scenarios are closely related to the Active Directory Forests involved in the migration. There are 3 major scenarios to be considered:

1. Move from Exchange Forest A to Exchange Forest B. This means that the user is a security principal in forest A and after he is moved to forest B, he is a security principal in forest B as well.

• This may be a hybrid-forest scenario, typical during inter-forest migrations, because the user is security principal in both.
• Hybrid is when there are both enabled and disabled users in the same forest.

2. Move from Account Forest to Exchange Resource Forest.

• Company is splitting Exchange off to its own forest. Maybe due to outsourcing it, complex business organization, or desire to de-couple the Exchange org (e.g. messaging services) from the other infrastructure.

3. Move from Exchange Resource Forest to Account Forest. This is the reverse of #2.

• Company is bringing Exchange back into the same forest for simplicity, to better integrate with OCS (though they are not required to be in the same forest), or collapsing/consolidating previously separate Exchange orgs into one user forest.

Cross-forest is when all users from the same organization are only contacts or mail enabled user objects in the other forest.

• This is not referenced as a common scenario because it's usually in place between two separate legal entities and there would not be much movement (e.g. migrations) between them.

Active Directory Forest Configuration examples:

Below are some AD forest configuration examples. The forest scenarios don't necessarily imply there is a "move" or migration going on, some are long-term configurations.

Resource Forest

A Resource Forest scenario is a deployment that has at least one Exchange Resource Forest that hosts user mailboxes (but not active user accounts or enabled user accounts) and at least one other forest that hosts the AD user accounts. In other words, Exchange is installed into an AD forest which is separate from the "user account" AD forest.

• A one-way forest trust where the resource forest trusts the account forest is created.
• Each mailbox in the Exchange forest must have a corresponding user in the account forest, which is granted access to logon to the mailbox. This is referred to as a "Linked Mailbox".

The user objects in the Exchange forest are never logged onto by an end user and are disabled.

Hybrid Forest

Typically this scenario is maintained initially for co-existence while migrating and decommissioning a forest. It is different from a typical cross-forest scenario because there may be both enabled and disabled users in both forests for the same organization. In some cases, an organization may actually need to maintain the Hybrid Forest scenario over the long-term. While this is a supported scenario, it comes with additional complexity that must be addressed:

• Mastering User and Exchange attributes occurs on both sides.
• A tool such as Forefront Identity Manager (FIM), is needed to maintain consistent data on both sides, including the GAL.
• Free/Busy and Public Folder access requires additional configuration, tools, and in some cases maintaining an Exchange 2007 server. (Please note that the IOREPL tool isn't currently supported with Exchange 2010 as a target server and in fact follows the Exchange 2003 Product support life cycle.)
• Free/Busy, over the long-term will be best managed using the new Federation services (Microsoft Federation Gateway)

For more information refer to Understanding Federation

Cross-forest

Both forests contain mailboxes and user accounts and contacts. This type of configuration has user accounts always enabled and mailbox enabled, with a corresponding contact in the other forest. The following diagram depicts how different objects are represented in the corresponding forest:

For more information on forests related to Cross Org migrations, refer to http://msexchangeteam.com/archive/2006/11/02/430289.aspx

Three Migration paths you need to choose from:

Depending on the current topology you have employed, you may find yourself planning to move users into the new forest and then following with moving their mailboxes as well. There are essentially three ways of planning to move your resources:

1. A customized deployment in which you write ILM rules extension code to create the target Mail Enabled User (MEU). You should already have a custom ILM deployment for cross forest GALSync. Microsoft Identity Lifecycle Manager Service Pack 1 Feature Pack 1 (ILM 2007 SP1 FP1) GALSync Management Agent (MA) doesn't include several attributes now required in Exchange 2010, most importantly, msExchMailboxGUID. The out of the box GALSync MA cannot be used since it creates contact object instead of user object required for Online Mailbox Move. The ILM sample code demonstrates how to sync source mailbox as Mail Enabled Users (MEU).

Note: Customers using "out of the box" GALSync MA may probably not know how to customize ILM.

1. Use Prepare-MoveRequest.ps1 script to create the target MEU. It is important to note that the PrepareMoveRequest script works in conjunction with "out of the box" Exchange GALSync MA for ILM (or FIM). This means the script has built-in logic to convert target Mail Enabled Contact (MEC) created by ILM GALSync MA into the required MEU.
2. Use Prepare-MoveRequest.ps1 script and then use ADMT to migrate the other attributes on the user object.

Important Note: Our recommendation on working with ADMT is to rely on the PrepareMoveRequest script to create the local user object for mailbox move, and then use ADMT to migrate SIDHistory and password and merge this into the MEU created by PrepareMoveRequest.ps1 script.

The point of doing ILM or the script first is to ensure the MEUs are all created with the correct msExch* attributes. This also ensures the following benefits:

1. A correct GAL immediately for co-existence (short or long-term)
2. Permissions for delegates and mailbox access are preserved during the move using the msExchMailboxGUID attribute. Since this is populated on the target object with PrepareMoveRequest.ps1 the permissions will be maintained in the cross-forest move.

At this point it doesn't matter if ADMT is used to migrate/merge the user objects all at once or in "batches" of user objects. ADMT can be controlled better to ensure only merging of SIDhistory and certain other mandatory attributes if it's not already populated.

Running ADMT first, without ensuring exclusions on msExch* attributes, can cause corrupted objects which the script cannot correctly convert with the -UseLocalObject switch.

Important Note: When SP1 ships, we will support running ADMT first and then the PrepareMoveRequest script later.

ILM and PrepareMoveRequest Scenarios broken-down:

There are basically 5 steps involved with moving a mailbox across a forest in Exchange 2010. They are: Preparing Active Directory, Network Prerequisites, Administrator Permissions, Moving Mailboxes and Clean-up. Each of these steps is series of smaller steps that need to be taken in order to move a mailbox from one Exchange forest to and Exchange 2010 forest.

The first step in Cross Forest mailbox moves is preparing Active Directory. In the target forest a mail enabled user account must be created with certain attributes. The method used for creating the target account and setting the mandatory attributes is up to the organization administrator. ADMT and ILM can be used to synchronize/pull over the attributes from the source forest.

Exchange Provisioning using ILM 2007

If you deployed ILM for cross-forest global address list (GAL) synchronization, the recommended approach to creating the mail-enabled user is to use ILM 2007 Service Pack 1 (SP1) Feature Pack 1 (FP1) or Forefront Identity Manager 2010 (FIM) GALSync MA. We've created sample code that you can use to learn how to customize ILM to synchronize the source mailbox user and target mail user.

For more information, including how to download the sample code, refer to this link.

To deploy Exchange 2010 in a cross-forest topology, you must first install Exchange 2010 in the new forest. Then, provision the mail-enabled users representing the source mailboxes so that Exchange 2010 can move the mailbox and migrated users can see all addresses.

Deployment steps:

• Deploy Exchange 2010 in a cross-forest topology with ILM 2007 FP1 SP1.
• Import and install the ILM sample code from Prepare Mailboxes for Cross-Forest Moves Using Sample Code.

Note: The main purpose of the sample code is to encourage customers to customize, or add more functions to the sample code. The sample code is very basic and it only copies very basic attributes. Customers who rely on this sample code may find many attributes missing.

• Configure the Mail-Enabled User provisioning Management Agents for each forest. This allows the mailboxes in the source forest to be created as MEU in the target forest and ensure a common GAL.
• Create an SMTP Send connector in each forest and configure SMTP namespace sharing (http://technet.microsoft.com/en-us/library/bb676395.aspx).
• In each forest, enable the Availability service so that users in each forest can view free/busy data about users in the other forest. For more information, see Managing the Availability Service.

Note: The Availability service is supported only for Outlook 2007 clients and newer. If Outlook 2003 clients still exist in one of the forests, the only solution will be to deploy Exchange 2007 first in the Exchange 2010 organization (because adding it late is not possible if Exchange 2010 is deployed first) and implement the IOREPL tool to replicate Free/Busy system public folders to the Exchange 2007 server. The Free/Busy system public folder replicas can then be replicated using PF replication to your Exchange 2010 server. IOREPL will not replicate a public/system folder directly to an Exchange 2010 server.

For more information review:

Exchange Provisioning using ILM 2007 and FIM 2010
http://technet.microsoft.com/en-us/magazine/ff472471.aspx

Prepare-MoveRequest.ps1

It may be difficult for some customers to synchronize the prerequisite attributes for performing mailbox moves without using ILM. You may have some other solution in place that does not synchronize the required attributes, and does not allow customization. Small companies may not have a solution at all and simply wish to transition users from an existing forest (that is set to be obsolete) to a new, clean Exchange 2010 forest.

To solve this problem, the PrepareMoveRequest script has been written to prepare the AD target object and synchronize the required attributes for cross-forest moves to work. The script creates the target MEU if necessary, or synchronizes an existing MEU when possible.

The PrepareMoveRequest script prepares Exchange 2003, Exchange 2007, and Exchange 2010 mailbox users for migration to an Exchange 2010 forest.

For more information about using the sample script, refer to the following link.

The PrepareMoveRequest script supports 2 scenarios:

1. Creating a brand new user in the local forest where the MBX will be moved to.
2. A local recipient, either a MEU or MEC already exists, created by an external agent such as ILM - If the local forest object is a mail contact, the script will convert the mail contact to a mail user while persisting the contact's existing exchange-related attributes. If the local forest object is a MEU, the script will reuse this mail user and stamp the essential attributes on the local mail user object. The administrator must specify the -UserLocalObject switch in order to tell the script to use this scenario.

Note: The scenario that the script doesn't support is that some external process created a local user object and relies on the script to copy all the attributes and links from the remote MBX to the local user. This is the ADMT scenario described after this scenario.

In order to run New-MoveRequest cmdlet to move a mailbox from an Exchange 2003/2007/2010 source forest to an Exchange2010 target forest, the target forest must contain a valid MEU account with the set of AD attributes described in this section. These attributes are synchronized by the PrepareMoveRequest script.

There are certain mandatory attributes that should be present on the target mail user for New-MoveRequest to run properly. These attributes are always set by the PrepareMoveRequest script, either as they are taken from the source MBX, or as determined by the script. The attributes are listed here http://technet.microsoft.com/en-us/library/ee861103.aspx.

Process Overview: Run PrepareMoveRequest script first and then ADMT

• Prepare MEU

To create the target mail enabled user account in an Exchange 2010 forest from the source mailbox enabled account in the source Exchange forest, the PrepareMoveRequest script must be executed in the target Exchange 2010 forest. The script pulls the mailbox enabled account attributes from the source forest.

The script can be used to provision one target MEU account at a time, but can also take data that is passed by pipeline as input to provision MEUs in bulk.

Since PrepareMoveRequest script relies on Update-Recipient task that exists only in Exchange Management Shell, all the below commands need to be run in Exchange Management Shell. Running in PowerShell will only result in error.

• Run the below commands in the target forest

$Local = Get-Credential

Input the target forest's Administrator Credentials in "Domain\User" and Password format.

Note: The account used should have permissions to call Update-Recipient which is available only to Exchange Enterprise Admin.

$Remote = Get-Credential

Input the Source forest's Administrator Credentials in "Domain\User" and Password format.

Note: Since the PrepareMoveRequest script will also update the source object's proxyAddresses to include the target object's legacyDN as X500 address, the account used to run this command should have Read and Write access for the source forest.

• Run the PrepareMoveRequest script in the target forest

[PS] C:\>.\Prepare-MoveRequest.Ps1 -Identity "DN of a user from SourceForest" -RemoteForestDomainController "FQDN of Source DC" -RemoteForestCredential $Remote -LocalForestDomainController "FQDN of Target Forest DC" -LocalForestCredential $Local -TargetMailUserOU "Distinguished name of OU in TargetForest" -UseLocalObject

Note 1: You can use the -Verbose flag to check which attributes have been set if you want to get a detailed list of the attributes that were touched.

Note 2: You can use the -UseLocalObject parameter here.

• If the local matching object is found, then the local object will be used.

          Note: If the local matching object is found and UseLocalObject is not defined, the script will throw an error.

• If the local object doesn't exist, even if UseLocalObject is specified, the script will still create a new one.

If you are sure that you didn't prepare local object before, you could remove this parameter to ensure accidental overriding.

• In the target forest, we get a new disabled mail-enabled user AD object created with some of the following Exchange attributes:

legacyExchangeDN, mail, mailnickname, msExchmailboxGuid, proxyAddresses, X500, targetAddress, userAccountControl, userprincipalName

• SIDHistory is empty. This is expected because Exchange doesn't migrate SIDs. At this point all of the required attributes to perform a mailbox move have been synced into the target forest.
• Run ADMT in the target forest.

Note: Currently the Active Directory Migration Tool (ADMT) v3.1 is not supported on Windows 2008 R2 Servers. If you plan to use ADMT v3.1, it must be installed on Windows 2008 server.

• Check the results in the target forest: The user should now have SIDHistory matching the objectSid of the source object (all other attributes are left untouched)

Gotchas running ADMT first and then PrepareMoveRequest script:

Currently, several customers are running ADMT first and then running the PrepareMoveRequest script. When a user is created via ADMT, the PrepareMoveRequest script doesn't work since there are no proxyAddresses for the script to match the source forest user with the target forest user.

The recommended approach is to copy at least 1 proxy address using ADMT. However, if you use the -UseLocalObject parameter, the script will only copy the 3 mandatory parameters (msExchMailboxGUID, msExchArchiveGUID, msExchArchiveName). This is not very useful. Customers can simply copy these 3 themselves.

Important Note: In SP1, we are adding the OverwriteLocalObject parameter. This is designed for the ADMT case. ADMT can copy the SIDhistory, password, and proxyAddresses, and the PrepareMoveRequest script can sync the other email attributes. In this case, it will copy attributes from source to target, so it's the opposite of UseLocalObject.

ADMT and Exchange Attributes

ADMT transfers Exchange attributes (e.g. homeMDB, homeMTA, showInAddressBook, msExch*) which make the target user look like a legacy mailbox in the target domain. This leaves the target account in an invalid state (e.g. homeMDB still points to the old forest) which is unexpected for the

PrepareMoveRequest.ps1 script. To prevent this, Exchange attributes are excluded from ADMT.

The PrepareMoveRequest.ps1 script can identify and match existing accounts in the target forest based on their SMTP address (proxyAddresses attribute).

Note: It can also do this based on the MasterAccountSid, but this is only populated for accounts in a resource forest scenario.

More precisely, the script will use the existing target accounts if the following are true:

• The target account has a value in proxyAddresses which matches one of the proxyAddresses of the source account.
• The target account is a mail enabled user i.e. you can retrieve it with the Get-Recipient command. For this to succeed, it needs to have mail attributes like 'mail', 'targetAddress' etc.
• You need to specify the -UseLocalObject parameter in the script

If all these are true, the script will copy further attributes needed (especially msExchMailboxGUID) to the target account so that the move request can process the accounts.

By default, ADMT 3.1 does NOT migrate "mail", "msExchMailboxGuid" and "proxyAddresses" attributes  because of security reasons. This is documented in the below article under "System attribute exclusion list"

Managing Users, Groups, and User Profiles
http://technet.microsoft.com/en-us/library/cc974331(WS.10).aspx

Important Note: When running ADMT second after ILM due to both forests having the same schema (attributes), unexpected Exchange attributes are brought over.  This can cause issues.  HomeMDB for example is brought over and causes the MEU to look like a legacy mailbox, and is unusable.

To resolve the problem of ADMT being run first, and leaving the user in an invalid state for the PrepareMoveRequest.ps1 script, you can create the following VB script/ADMT COM object model to exclude all Exchange attributes from being migrated by ADMT.

Set O = CreateObject("ADMT.Migration").
o.SystemPropertiesToExclude = " HomeMDB,HomeMTA,showInAddressBook,msExchHomeServerName, mail, proxyAddresses, msExch*"

This allows update-recipient to find the target object and match it with the source account and merge the two together.  For more information, refer to the below article:

You will find that several custom attributes are missing when you use ADMT to migrate users between two forests

http://support.microsoft.com/kb/937537

Network Prerequisites

When mailboxes are moved from one Exchange 2010 forest to another Exchange 2010 forest, the process is handled through Exchange 2010 Client Access Servers using the MRSProxy service. The only port required to be open between the forests for MRSProxy to use HTTPS traffic is port 443. This works even if the source mailboxes are on 2003 or 2007 MBX servers as long as an Exchange 2010 CAS server exists in both organizations.

Note: The whole forest doesn't need to be Exchange 2010 in order to use the MRSProxy. If there is at least one Exchange 2010 CAS in the forest (with access to the Mailbox Servers and AD), it can be used as the MRS Proxy for moves from a mostly Exchange 2003 or Exchange 2007 forest. This can be called the "Remote" scenario (or the "MRSProxy" scenario).

If the mailbox is being moved from legacy Exchange forest then the mailbox replication service will need to have the same TCP ports open that is needed for a normal local mailbox move. Listed are the TCP ports that are needed for a local mailbox move. These ports will be needed to be open both ways for mailboxes to be moved.

Note: This is more of the "Remote Legacy" scenario, but it can be used between two Exchange 2010 forests as well as between one Exchange 2010 forest and one Exchange 2003/2007 forest.

Port	Protocol
808 (TCP)	Mailbox Replication Service uses to communicate
53 (TCP)	DNS
135 (TCP)	RPC End Point
389 (TCP)	LDAP
3268	LDAP
1024 > (TCP)	if mailbox store is not statically configured then 1024 higher ports need to be open
88 (TCP)	Kerberos
445 (TCP)	Microsoft-DS Service
443 (TCP)	Mailbox Replication Proxy service uses port 443 to communicate with other Exchange 2010 client access server via HTTPS.

Also it is necessary for servers in both forests to successfully perform name resolution using DNS.

For cross forest mailbox moves via the MRSProxy service, the source and target servers use certificates to encrypt the HTTPS traffic. The CAS Servers in the source and target forests must have installed a valid certificate that has been issued by a trusted certificate authority recognized by the server in the opposite forest.

Administrator Permissions

In order to move mailboxes across different Exchange forests the account used to initiate the move request in the target forest and the account used to access the mailbox and directory in the source forest must have the proper permissions. The permissions that are needed for the account in the source forest depend on the type of move.

Remote

The account must have the privileges made available by membership in the Recipient Administrators group.

Remote Legacy

The migration account must have the following permissions.

• Exchange Server Administrators role
• Exchange Recipient Administrators role

Destination Forest Permissions

In the target Exchange 2010 organization the account used to create and manage the move request must be a member of the Organization Management or Recipient Management role groups, or have the following RBAC roles assigned either directly or through group membership:

• Move Mailboxes role
• Mail Recipients role
• Mail Recipient Creation role

Only the Move Mailbox role is required to have access to the New-MoveRequest command. However, the Mail Recipients and Mail Recipient Creation roles may also be required to creating and managing target accounts in preparation for mailbox moves.

Moving the mailbox

There are two methods to move a mailbox across forests using Exchange 2010. The method used depends on the type of cross forest move. Both Remote and Remote Legacy cross forest moves can be performed from the Exchange Management Shell, but only Remote moves can be performed from the Exchange Management Console.

Exchange Management Console

To create a new move request for a cross forest move using Exchange Management Console (EMC), the console must have a session open to both the target and source forests at the same time using the feature Add Exchange Forest. This makes it possible to maintain a connection to an Exchange 2010 server in the source forest, and an Exchange 2010 server in the target forest. With a connection to servers in both source and target organizations via the EMC, you will be able to identify a mailbox that is to be moved from the source forest, while initiating the move request on an Exchange 2010 server in the target forest.

To initiate a cross forest move with the Exchange Management Console, navigate to the Mailboxes folder in the Recipient Configuration node of the source forest, select the mailbox(es) to be moved, and then select New Remote Move Request. This starts the New Remote Move Request.

Exchange Management Shell

To initiate a cross forest mailbox move in the Exchange Management Shell a New-MoveRequest command must be issued with Remote* parameters. Move requests issued without Remote* parameters are local moves within the same Exchange forest.

The New-MoveRequest cmdlet requires certain attributes to be synchronized between the source MBX account and the target MEU account in order for the mailbox move to succeed. This is described in the previous steps.

In the target domain, perform the move request by running the below cmdlet

New-MoveRequest -Identity "Distinguished name of User in Target Forest" -RemoteLegacy -TargetDatabase "E2K10 Mailbox Database Name" -RemoteGlobalCatalog "FQDN of Source DC" -RemoteCredential $Remote -TargetDeliveryDomain "Target domain name"

After the move completes, the proxyAddresses and targetAddress attributes should have changed in the target forest. If the accounts are disabled in the target forest, enable it, set a password and log into OWA and test.

After Online Mailbox Move (OMM), the source object is changed from MBX to MEU and target object is changed from MEU to MBX

For more information on performing cross forest moves in Exchange 2010, refer to Managing Move Requests

Clean-up

When the MRS completes the moving of mailbox data from the source forest to the destination forest it mailbox enables the target user account. If the user account is disabled it leaves the account disabled. The MRS mailbox disables the source account, and converts it into a MEU account with a target address that refers to the primary SMTP address of the target mailbox account. The New-MoveRequest takes the TargetDeliveryDomain parameter. This is what determines which targetAddress to stamp. MRS checks the list of proxyAddresses for one (not necessarily the primary SMTP) that matches the FQDN specified in the TargetDeliveryDomain. The MRS will stamp this address as the targetAddress on the MEU. We moved away from using the primary SMTP address because there is a need to maintain the primary STMP when moving mailboxes cross-forest since this is part of a user's identity. When the primary SMTP address is the same on both forests, mail flow becomes more difficult.

If the source account is to be retired and removed from the source forest, the administrator must plan for this manual operation outside of the mailbox move operation.

What's coming in Exchange 2010 SP1

As mentioned earlier, SP1, will include the PrepareMoveRequest script as part of the install. Additionally, we are fixing a couple of issues with that script:

1. Requiring separate local and remote credentials to run the script.
2. LegacyExchangeDN not set on the new user object after converting local contact to local user.
3. When specifying TargetMailUserOU, we will only search OUs (instead of other object class).

Common Issues

The most common issues related to PrepareMoveRequest script are listed below. These are not relevant if you have deployed the customized ILM, or if you have already run PrepareMoveRequest.

1. Not able to match source forest user with target forest user. This is mainly due to the fact the script relies on proxyAddresses to match objects, so the target forest user needs to have at least 1 proxy address that matches the source
2. Inadequate AD permission to delete/add recipient objects. The script manipulates AD directly and invokes the Update-Recipient cmdlet at the end, so you need to have the appropriate permission to change AD and call Update-Recipient. Another thing you can check is whether the TargetMailUserOU is set correctly.
3. The current script does not have good support for users created by ADMT. The updated PrepareMoveRequest script in SP1 will support a new parameter "OverwriteLocalObject" for users created by ADMT and it will copy attributes from the source forest user to the target user.
4. "UseLocalObject" - This is the script logic where we assume ILM has already created the target forest MEC or MEU, and you want to keep the target forest attributes. So the script will convert the target forest MEU or MEC to the required MEU for MBX move.

Interested in pursuing a Microsoft Certified Master certification?

• Microsoft Certified Master Program Brochure (.PDF)
• Microsoft Certified Master Program Brochure (.XPS)
• Microsoft Certified Master: Microsoft Exchange Server 2010 datasheet (.PDF)
• Microsoft Certified Master: Microsoft Exchange Server 2010 datasheet (.XPS)
• Microsoft Certified Master: Microsoft Office Communications Server 2007 datasheet (.PDF)
• Microsoft Certified Master: Microsoft Office Communications Server 2007 datasheet (.XPS)
• Microsoft Certified Master: Microsoft Office SharePoint Server 2010 datasheet (.PDF)
• Microsoft Certified Master: Microsoft Office SharePoint Server 2010 datasheet (.XPS)

External Source: http://advice.cio.com/thomas_wailgum/11326/cloud_computings_world_of_acronyms_enter_at_your_own_risk?source=CIONLE_nlt_conversations_2010-08-10

What hasn't the high-tech industry done to the poor "Cloud Computing" moniker? For the past couple years or so, "The Cloud" has been hyped up like a LeBron James appearance, contorted like a Yoga-practicing Swami, poked and prodded again and again, and then hijacked by just about every apps vendor in the known universe.

Sucked up in the marketing vortex of cloud computing's hurricane were software-delivery models SaaS (software-as-a-service) and "Web-based" or "on-demand" computing. Along for the ride now—and further flummoxing market watchers and IT customers—are more aaS's: PaaS (platform-as-a-service) and IaaS (infrastructure-as-a-service). (And don't forget about "private" and "public" clouds!)

Perhaps our favorite was the Governance-as-a-Service solution we heard about this winter. Yes, that's GaaS, friends. (But I digress.)

On occasion, it seems that even the most informed tech-vendor executives and marketing folks are just as confused as the rest of us. Or, perhaps even more insidious, they do know what they're saying—how they're bending truths and glossing over factual, technical inaccuracies—all in the name linking their product or service to The Cloud.

Defining cloud in the broadest of terms is not forbidden according to today's marketing rules. Many a vendor now calls any old app that runs via the Web a "cloud computing solution." (I'm actually doing "cloud blogging" right now!)

Nevertheless, it appears that The Cloud and its marketing-licious brood are here to stay. So what does it all actually mean?

In a new Forrester Research report, principal analyst Paul Hamerman provides definitions for each as well as examples of vendors that offer products and services in each category. It's a great place to start if you're a little overwhelmed by cloud lingo. Let's do it together!

First, this is how Forrester defines cloud computing:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

OK, I buy that. Then the report then drills down further into the mix:

• Software-as-a-service (SaaS): Finished applications that are available on a rental basis.
• Platform-as-a-service (PaaS): A developer platform that abstracts the infrastructure and middleware.
• Infrastructure-as-a-service (IaaS): A deployment platform consisting of virtualized hosting services.

In addition, there are third-party vendors that sell hosting and application managed services (AMS). "These offerings typically consist of dedicated hosting plus outsourced application support," Hamerman writes, "and more recently, they may incorporate cloud IaaS technologies."

If you're still with me here, then let's look at a couple of vendors that are in the mix and what they actually offer.

Any IT pro is likely to hear from their vendor about their "cloud-based services," as Hamerman points out. Boiled down, this is IaaS served up by a third party. An example is Lawson Software's partnership with Amazon's Web Services Elastic Compute Cloud—Amazon EC2. EC2 hosts the infrastructure for Lawson's ERP customers who choose that option.

However, it appears some

vendors are playing fast and loose with the "cloud-based services" terminology. "Adding to the [marketplace] confusion are 'cloud-based' or 'on-demand' offerings that are actually SaaS applications," Hamerman writes. These include such vendors as: FinancialForce.com, Intacct and SuccessFactors.

Some of those true SaaS providers—such as NetSuite and Salesforce.com—also offer a full array of cloud services, Hamerman writes, such as PaaS and IaaS.

(Really, I was trying to keep this simple.)

Hamerman points to ERP vendor UNIT4, which owns the Agresso Business World and CODA Financials software brands, which "announced its subscription-based IaaS deployment option, available as a multitenant or private cloud for the Agresso suite. UNIT4 also offers application managed services." Got that?

What about SAP and Oracle? What are they up to in the cloud?

This month, SAP will finally make generally available its much-heralded and long-delayed SaaS ERP application: Business ByDesign (ByD), which is a suite of ERP apps hosted by SAP partners. It also recently announced a partnership with Cisco, VMware, and EMC that will offer a virtualized cloud infrastructure service, notes Hamerman.

As for Oracle, that's an easy one: Oracle's most notable SaaS offering is its CRM application: Oracle CRM On Demand. It does offer a hosted, managed-service model called Oracle On Demand, but as Hamerman observes, "Oracle has historically downplayeSaaS as a software delivery and business model, preferring to offer its applications via a licensed, on-premises model."

External Source: http://www.cio.com/article/602672/Wasted_Space_IT_Aims_to_Fill_Disks?source=CIONLE_nlt_insider_2010-08-10

Ten years ago, storage capacity utilization rates hovered around 25%. Now, even after many companies have implemented better management tools, most IT shops still waste as much as 60% of their storage capacity.

At the turn of the century, large data centers still relied mostly on direct-attached storage systems, which offer abysmal data utilization rates -- 25% to 30% of hard drive capacity.

Since then, many enterprise IT managers have at least begun to study technologies that could vastly improve data utilization, like Fibre Channel, IP storage-area networks, thin provisioning and virtualization. A recent survey by TheInfoPro found that almost half of Fortune 1,000 companies now use thin provisioning or plan to do so.

Nonetheless, data utilization rates at most large companies remain at 40% or lower, resulting in a significant waste of electricity and floor space, analysts say.

"Most people I talk to don't even know how many terabytes of capacity they have on the floor, much less what the utilization is," said Andrew Reichman, an analyst at Forrester Research Inc.

Average storage utilization rates will remain in the 20% to 40% range until more IT managers start implementing the several storage management technologies available today, he added.

Over the past five years or so, thin provisioning, or provisioning only as much storage as an application server needs, has been among the most popular ways to boost IT storage utilization.

Slumberland Inc. has seen a significant improvement in data utilization since adopting the technology in 2004, said Seth Mitchell, an infrastructure team manager at the furniture retailer.

Since Slumberland installed arrays from Compellent Technologies Inc. with thin provisioning tools, the company's disk capacity utilization rate has reached 66%, Mitchell said. Without thin provisioning, the rate would hover around 30%, he estimated.

Texas Christian University, which rolled out a 3Par Inc. SAN with thin provisioning capabilities two years ago, has seen its data utilization rate increase to 50% of capacity, said Bryan Lucas, executive director of technology resources.

The university had previously used direct-attached storage systems, which Lucas said were easy to deploy and manage -- until the school's server farm began to grow. "The direct-attached model didn't scale well," he said.

Gartner Inc. (IT) analyst Adam Couture suggested that corporate implementations of thin provisioning technology have likely been slowed by a flagging economy.

Comprehensive storage monitoring and reporting tools can cost $250,000 to $1 million, Reichman said, and in many cases a full-time employee is needed to manage such a system.

Great blog from Microsoft The Storage Team at Microsoft - File Cabinet Blog  about migrating SYSVOL Replication from Windows 2003 to Windows 2008 R2 from FRS to DFS Replication !

SYSVOL Migration Series: Part 1—Introduction to the SYSVOL migration process

SYSVOL Migration Series: Part 2—Dfsrmig.exe: The SYSVOL migration tool

SYSVOL Migration Series: Part 3—Migrating to the 'PREPARED' state

SYSVOL Migration Series: Part 4—Migrating to the ‘REDIRECTED’ state

SYSVOL Migration Series: Part 5—Migrating to the ‘ELIMINATED’ state

External Source: http://www.cio.com/article/602066/Your_Workplace_in_2020_Gartner_s_Predictions?source=CIONLE_nlt_leader_2010-08-09

CIO — How will people work 10 years from now? Gartner thinks it has a pretty good idea, predicting 10 major changes that will occur during the next 10 years.

"Work will become less routine, characterized by increased volatility, hyperconnectedness, 'swarming' and more," said Tom Austin, a Gartner fellow, in a media announcement.

In just five years, the report notes, 40 percent or more of an organization's work will be "non-routine," which is up from 25 percent in 2010.

"People will swarm more often and work solo less. They'll work with others with whom they have few links, and teams will include people outside the control of the organization," Austin stated. "In addition, simulation, visualization and unification technologies, working across yottabytes of data per second, will demand an emphasis on new perceptual skills." (Yes, he said "yottabytes.")

While Gartner offers 10 key changes in the nature of work in the report, here are five of the most interesting trends that Gartner predicts.

1. De-routinization of Work. "The core value that people add is not in the processes that can be automated, but in non-routine processes, uniquely human, analytical or interactive contributions that result in words such as discovery, innovation, teaming, leading, selling and learning," states the report. "Non-routine skills are those we cannot automate. For example, we cannot automate the process of selling a life insurance policy to a skeptical buyer, but we can use automation tools to augment the selling process."

2. Work Swarms. Gartner says that "swarming" is a work style characterized by a "flurry of collective activity by anyone and everyone conceivably available and able to add value."

"Swarms form quickly, attacking a problem or opportunity and then quickly dissipating," the report notes. "Swarming is an agile response to an observed increase in ad hoc action requirements, as ad hoc activities continue to displace structured, bureaucratic situations."

3. Attention to Patterns. Previous Gartner research has centered on "pattern-based strategy." Basically, as the global economic environment has become more volatile, businesses have struggled to strategize for the future—since so much has been unpredictable.

In turn, Gartner predicts "growth in the number of organizations that create groups specifically charged with detecting divergent emerging patterns, evaluating those patterns, developing various scenarios for how the disruption might play out and proposing to senior executives new ways of exploiting (or protecting the organization from) the changes to which they are now more sensitive."

4. Hyperconnectedness. It may sound buzz-worthy, but hyperconnectedness is a "property of most organizations, existing within networks of networks, unable to completely control any of them," notes the report. For instance, while critical supply chain elements are supposed to be "under contract," there is no guarantee that those supply chain partners and systems will perform properly, even if the supply chain is in-house, according to Gartner.

"Hyperconnectedness will lead to a push for more work to occur in both formal and informal relationships across enterprise boundaries," the report states, "and that has implications for how people work and how IT supports or augments that work."

5. My Place. It's no surprise to learn that the workplace is becoming more virtual, notes the report, "with meetings occurring across time zones and organizations and with participants who barely know each other, working on swarms attacking rapidly emerging problems." Of course, employees still have need for a "place" where they want to work.

“Many will have neither a company-provided physical office nor a desk, and their work will increasingly happen 24 hours a day, seven days a week," states the report. "In this work environment, the lines between personal, professional, social and family matters, along with organization subjects, will disappear."

Workers will have to deal with the complexity (and chaos, it seems) created by overlapping demands, "whether from the new world of work or from external (non-work-related) phenomena," states the report. "Those that cannot manage the underlying 'expectation and interrupt overloads' will suffer performance deficits as these overloads force individuals to operate in an over-stimulated, information-overload state."

Question of the Day…

Q: I just bought a new server and it appears to have a multitude of BIOS options for virtualization. Which BIOS options should be enabled and/or disabled to use with Hyper-V?

A: Great question. Let’s break this down into what features are required, what is recommended and what should be disabled.

-------------------------------------------------------

Hyper-V RTM/R2 Hardware Requirements

-------------------------------------------------------

When it comes to hardware requirements for Hyper-V, the hardware requirements are relatively straightforward and have been mainstream for many years and many generations of systems.

1. Hyper-V is 64-bit only and thus requires a 64-bit (x64) processor

o Windows Server 2008 was the final 32-bit (x86) Windows Server release and Windows Server 2008 32-bit version does not include Hyper-V

2. Hardware Virtualization Assists* in the form of:

o Intel VT-x (initially codenamed Vanderpool)

o AMD AMD-V (also called SVM and initially codename Pacifica)

3. Hyper-V requires Hardware Data Execution Prevention:

o Intel refers to it as Execute Disable (XD). This feature must be enabled in the system BIOS.

o AMD refers to it as No Execute (NX). This feature must be enabled in the system BIOS.

Again, these are Hyper-V requirements and Hyper-V will not run without these capabilities.

*Note: When you enable hardware assisted virtualization (Intel VT or AMD AMD-V) in the BIOS, you must TURN THE SYSTEM OFF. NOT REBOOT. OFF. If you don’t power cycle the system completely, you will not enable hardware assisted virtualization on the majority of systems in the market.

-------------------------------------------------------

Hyper-V R2* & SLAT Hardware

-------------------------------------------------------

For traditional server virtualization or virtualization desktops without RemoteFX, SLAT hardware is not required, but HIGHLY RECOMMENDED. The use of SLAT capable hardware offers significant performance improvements across the board.

· Intel refers to this a Extended Page Tables (EPT)

· AMD refers to this as Nested Page Tables (NPT) or Rapid Virtualization Indexing (RVI)

If there are BIOS option to enable these features (they’re usually on by default), these options should be enabled.

For virtualizing desktops using RemoteFX, SLAT hardware is REQUIRED. The use of SLAT capable hardware offers significant performance improvements across the board and is especially important when using RemoteFX. These technologies are an extension to the traditional TLB that allow Hyper-V to use the hardware to handle multiple TLBs – one for each virtual machine. This is fundamental requirement for RemoteFX.

· Intel refers to this a Extended Page Tables (EPT).

· AMD refers to this as Nested Page Tables (NPT) or Rapid Virtualization Indexing (RVI).

If there are BIOS option to enable these features (they’re usually on by default), these options should be enabled.

Personally, I wouldn’t purchase any system for virtualization that is not SLAT capable.

*Note: To take advantage of SLAT hardware, you must be running Windows Server 2008 R2 or later or Microsoft Hyper-V Server 2008 R2 or later. Previous versions (Windows Server 2008/2008 SP2 & Microsoft Hyper-V Server 2008/2008 SP2) do not support SLAT hardware and will simply ignore these hardware capabilities.

-------------------------------------------------------

Hyper-V : What to Disable in the BIOS

-------------------------------------------------------

There are some hardware features that Hyper-V does not utilize and enabling them will prevent Hyper-V from loading. Specifically, please be sure that:

· Intel VT-d is disabled

· Trusted Execution is disabled

If either of these options is enabled, Hyper-V won’t launch and errors will be posted to the Event Log.

===========================================================================

Q: I’m trying to run Hyper-V on my system and Hyper-V won’t launch. When I look in the event log I see events such as:

· Event ID 41: Hyper-V Launch failed; Either VMX not present or not enabled in the BIOS

· Event ID 32: Hyper-V Launch failed; At least one of the processors in this system does not appear to provide a virtualization platform supported by Hyper-V

I’ve ensured that both:

1. Hardware Assists are enabled (Intel VT or AMD-V)

2. Data Execution Prevention is enabled (Intel XD or AMD NX)

What am I doing wrong?

A: It sounds like you’re doing a lot right, but there are a few additional BIOS settings you should check. Please be sure that:

· Intel VT-d is disabled

· Trusted Execution is disabled

Hyper-V does not utilize these hardware features and enabling them will prevent Hyper-V from loading.

===========================================================================

Q: I see that Hyper-V requires hardware Data Execution Prevention. What does that mean? What does DEP do?

A: For more information on DEP, check out this article Data Execution Prevention on MSDN and a useful KB here.

More on DEP:

Data Execution Prevention (DEP) is a system-level memory protection feature that is built into the operating system starting with Windows XP and Windows Server 2003. DEP enables the system to mark one or more pages of memory as non-executable. Marking memory regions as non-executable means that code cannot be run from that region of memory, which makes it harder for the exploitation of buffer overruns.

DEP prevents code from being run from data pages such as the default heap, stacks, and memory pools. If an application attempts to run code from a data page that is protected, a memory access violation exception occurs, and if the exception is not handled, the calling process is terminated.

DEP is not intended to be a comprehensive defense against all exploits; it is intended to be another tool that you can use to secure your application.

external Source: http://www.crn.com/it-channel/226600113;jsessionid=SRG2EYMFOKC4LQE1GHPCKHWATMY32JVN

Midsize and larger enterprises are already deploying cloud computing, sometimes openly and sometimes on the sly, as the concept of working in the cloud is starting to move beyond the hype stage.

Cloud computing is still in its early stages, but adoption of the technology is coming fast, according to a panel on cloud computing held at the Nth Generation Technical Symposium, a three-day customer event held this week by Nth Generation, a San Diego-based solution provider.

IT managers from nearly 200 midsize and larger enterprise customers, mainly from Southern California, interacted with a panel of executives from six vendors working with solution providers to build cloud infrastructures.

Nearly half of the audience members believe that cloud computing has moved beyond the hype phase, with private cloud cited by 23 percent of the respondents to an on-the-spot electronic poll as their primary use of cloud computing, followed by 16 percent who cited software-as-a-service, eight percent who cited co-location, and six percent who cited infrastructure-as-a-service. However, 42 percent said they are not doing any services on the cloud.

Scott Crenshaw, vice president and general manager of Red Hat's Cloud Computing business unit, said cloud computing today is still in the early stages of disruption.

"It's not dissimilar to the early days of Linux," Crenshaw said. "There was a lot of experimentation under the radar before Linux moved to the big screen. Customers have been experimenting with the cloud for two to three years."

A lot of enterprises are investing in private clouds, or at least in shared services that can be moved towards the cloud, said Nick van der Zweep, director of virtualization at Hewlett-Packard (NYSE:HPQ).

There is actually a lot of experimentation going on in cloud computing, said Steve Herrod, CTO and senior vice president of R&D at VMware.

"I tend to find that when companies say they are not in the cloud, that one or two people are already working around their IT department and moving in that direction," Herrod said. "So if you responded 'no,' your company may already be doing it but you don't know."

more: http://www.crn.com/it-channel/226600113;jsessionid=SRG2EYMFOKC4LQE1GHPCKHWATMY32JVN?pgno=2

external content: http://www.cio.com/article/602206/Microsoft_Exchange_in_the_Cloud_Four_Migration_Tips

More companies are moving e-mail into the cloud, and it's not just small companies. Dow Chemical shares why it's migrating Microsoft Exchange to the cloud — and what it's demanding from Microsoft in return

CIO — Tired of managing those Exchange servers in your data center? So are many other companies, and even some of America's Fortune 50 companies are now starting to migrate e-mail and other productivity apps to the cloud — disproving the notion that SaaS and cloud services are fit only for small or mid-sized businesses.

Dow Chemical (DOW) is one such example. One of the leading providers of plastics, chemicals and agricultural products, the Midland, Mich.-based Dow has plans to move its Exchange servers to Microsoft's (MSFT) cloud service for business apps, called BPOS (business productivity online suite).

BPOS includes online versions of Exchange, SharePoint, Office Communication Server and Live Meeting, operated by and delivered through a Microsoft data center.

Dow is a company in transition regarding e-mail and productivity apps. With roughly 50,000 worldwide employees, the company is currently upgrading to Office 2007; it is beginning a full migration to Windows 7 that should be completed by the end of next year.

The move to BPOS will transition Exchange 2003, OCS and Live Meeting to a cloud environment running Exchange 2010. BPOS currently serves only Exchange 2007, but Microsoft plans to migrate the cloud service to Exchange 2010 (and SharePoint 2010) by the end of the year.

Dow will begin a global pilot testing program for its e-mail migration in November, and plans to have it implemented for its entire 52,000-person workforce by the second quarter of 2011.

"It can go that fast because the migration will be transparent for users," says David Day, Dow's Director of Global Information Systems.

The SharePoint aspect of BPOS will be new for Dow, as it has only been dabbling in SharePoint for document management and collaboration.

Find a Vendor You Trust

Why is Dow convinced the change will be so transparent to users? The company is a Microsoft shop and having the Microsoft ecosystem in place was admittedly a factor in choosing BPOS, says Day.

But Dow did go through an RFP (Request for Proposal) and looked at a few BPOS competitors. Day says he is not at liberty to say which competitors Dow considered, but added that a couple competitors were neck and neck with BPOS on cost and capabilities.

"Our previous relationship with Microsoft and its ability to deliver support were a big part of our decision," Day says.

Stay Private

Dow's transition to the cloud for e-mail will not be jarring for users because Dow has had what Day considers a "private cloud" for years now.

Since 2000, Dow has had a third-party provider manage its e-mail servers on-premise in Dow's data center.

"A private cloud hosted by Microsoft is not such a new thing for us," he says. "It feels like a logical extension of our current sourcing strategy."

One choice Dow never considered: a public cloud option. Why? Too many security and privacy risks, he says.

"The risk profile of a public cloud offering doesn't fit a corporation like Dow Chemical," Day says. "I can't imagine there are many Fortune 50 companies that are considering a public cloud service."

Get Added Security, Not Just Savings

Though reluctant to discuss specific costs, Day says the value in moving to BPOS is to gain more capabilities without a huge increase in the cost.

"We did a very detailed cost comparison between re-architecting what we have on-premise versus a Microsoft BPOS solution and the cloud option won," says Day.

Stay Private

Dow's transition to the cloud for e-mail will not be jarring for users because Dow has had what Day considers a "private cloud" for years now.

Since 2000, Dow has had a third-party provider manage its e-mail servers on-premise in Dow's data center.

"A private cloud hosted by Microsoft is not such a new thing for us," he says. "It feels like a logical extension of our current sourcing strategy."

One choice Dow never considered: a public cloud option. Why? Too many security and privacy risks, he says.

"The risk profile of a public cloud offering doesn't fit a corporation like Dow Chemical," Day says. "I can't imagine there are many Fortune 50 companies that are considering a public cloud service."

Dow is doing a big uplift from Exchange 2003, with its limited mailbox sizes and quotas that just don't cut it in today's corporate e-mail environment. The BPOS advantage is that Dow will get Live Meeting and OCS for its worldwide workforce and Exchange mailboxes that can compete with Gmail on capacity, says Day.

Another advantage in moving to the cloud, says Day, is the savings culled from letting Microsoft handle security measures such as intrusion protection and spam filtering.

"Nobody can run Exchange like Microsoft," he says. "From a security perspective, I can't afford to spend as much on securing an Exchange environment as Microsoft can."

On the other hand, says Day, IT departments need to work with their cloud vendor to ensure compliance regulations are being met. "We're not going to just toss all our data over the wall to Microsoft. We're going to engage with them regularly."

Push the Vendor to Do More on Compliance

Day understands that although Microsoft has been providing services via the Internet for years with its MSN mailboxes, it's quite a different thing to provide e-mail services to a Fortune 50 company.

"Microsoft is going through a paradigm shift," says Day. "We're going to have to coordinate with them a lot and learn together."

But one thing Microsoft must do is deliver on its cloud customers' compliance needs.

Day has been adamant that Microsoft not just provide a console for Dow to monitor its own data, but to provide near real-time information flow through an automation interface.

"So we're pushing Microsoft to feed us all available data through an automation framework so we can take immediate action for compliance reasons."

No matter what vendor you choose, Days adds, never enter into a cloud partnership lightly.

"You have to push them. That's critical."

Shane O'Neill is a senior writer at CIO.com.

The System Center Configuration Manager team would like to announce that the following has been released and available for immediate download:
Configuration Manager 2007 R3 Release Candidate (RC)

The official Release Candidate for Configuration Manager 2007 R3 can be downloaded by navigating to http://connect.microsoft.com downloads section of the Configuration Manager 2007 Open Beta program. Please read the release notes, they are separate from the build and also located in the download section.

Support and Feedback:
- All registered Open Beta users can submit bugs and make product suggestions using the Feedback tools provided on Microsoft Connect. This feedback is triaged daily by members of the Product Group. It is your feedback that helps drive feature changes and improvements. See the help link on the ConfigMgr MSConnect homepage for more instructions.
- Newsgroups for ConfigMgr07 R3 can be accessed on Microsoft Connect, they are a great way to post questions and receive general support for specific R3 related questions and answers.

ConfigMgr07 R3 was announced at the 2010 Microsoft Management Summit by Brad Anderson during his keynote. Power management is at the core of the R3 release, it addresses the need that many organizations have to monitor and reduce the power consumption of their computers. ConfigMgr07 R3 Power Management leverages the power management features built into Windows to apply relevant and consistent settings to computers in the organization. There are three major components to power management in ConfigMgr07 R3:

1. Monitoring and Planning: Power Management collects information about computer usage and power settings for computers in the origination. Reports are provided to allow the administrator to analyze this data and determine optimal power management settings for computers.

2. Enforcement: Power management allows the administrator to create power plans which can be applied to collections of computers. These power plans configure Windows power management settings on computers, and different power plans can be configured for peak and non-peak working hours.

3. Compliance: After applying power plans to computers in the organization, the administrator can run reports to validate that power settings were correctly applied and to calculate power and carbon footprint savings across collections of computers.
In addition to power management, ConfigMgr07 R3 will provide customers with enhanced scale and performance support (scale to 300K managed clients per hierarchy, Active Directory delta discovery, dynamic collection updates), as well as enablement of further capabilities for operating system deployment. A full list of the R3 features can be found on Microsoft Connect at the “What’s new in R3” post.

Navigate to Microsoft Connect today and download the ConfigMgr07 R3 Release Candidate (RC) product. Please review the Release Notes before performing any installation and the help (chm) file for specific deployment and supportability guidance.
If you experience any issues with the download or the ConfigMgr Microsoft Connect site please contact, sccmtap@microsoft.com

This week, I am happy to announce three new whitepapers, each around protecting a different workload:

Gartner’s 2010 Magic Quadrant report for Unified Communications has just been published and Microsoft placed in the Leader quadrant, furthest up and to the right!  Microsoft has full reprint rights to the report, so please share the link to the online reprint with your customers today.

Microsoft is credited for having a strong history with collaboration and OCS is noted as having the ability to integrate with collaboration solutions like SharePoint. Microsoft’s position is strengthened through strategic partnerships with Aspect and HP as well as numerous partnerships for IP phones, audio conferencing, SIP trunking and other critical telephony needs. Other noted Microsoft strengths include the upcoming launch of Communications Server “14” which will add several critical telephony functions, Exchange UM’s gain in acceptance and maturity in the market, and Microsoft’s broad UCC paradigm. Noted Microsoft cautions include Exchange UM limitations for users only wanting voicemail and the newness of OCS telephony, audio conferencing and videoconferencing.

Key competitor placements compared to the 2009 Report:

· IBM fell from Leader to Challenger, having lost significant ground on the Completeness of Vision axis (Likely due to their ambiguous cloud strategy and lack of UC market traction)

· Cisco gained ground, landing just behind Microsoft

· Avaya primarily improved its foothold in Completeness of Vision, and slightly improved the Ability to Execute axis.